Want The Government To Do Something About Cybersecurity? Advocate Congress establish a permanent joint committee on information technology

The United States Congress Permanent Joint Committee on Information Technology does not exist, yet.

But with attack after attack against our nation's IT systems the time has come to consider the idea.

First, some background on what a Joint Committee of Congress can be. Congress has great leeway in how it executes its constitutionally mandated responsibilities to legislate and fund. On some particularly thorny issues, joint committees which include members of both the House and Senate can be formed. Once in history, Congress decided there was an issue of such significant national importance that they passed a law establishing a permanent joint committee with legislative authority. This was the United States Congress Joint Committee on Atomic Energy (JCAE).

This joint committee was formed in response to both a dramatic threat and an incredible opportunity. The threat was the potential of nuclear war. The opportunity was the potential to use nuclear science to generate electricity to power cities as well as naval vessels, as well as opportunities to use nuclear science in medicine and industry. It was clear to congress at the time that success in response to the threat and success in gaining national benefit from nuclear energy would require a different way of doing things. So, the response was the United States Atomic Energy Act of 1946. For over 30 years the Joint Committee this act set up provided bi-partisan solutions broadly supported and widely credited with bringing unity of effort to many multiple complex activities.

We are in need of such dramatic progress in how the nation leverages Information Technology that a similar approach may be required today. Consider, for example, some of the capabilities and powers of the Joint Committee on Atomic Energy (JCAE). The JCAE oversaw 100% of the executive branch's involvement in atomic energy and nuclear weapons, and provided the legislative framework governing research into nuclear science throughout the country. Here is some additional important/relevant context to consider (from Wikipedia):

The Joint Committee on Atomic Energy (JCAE) was a United States congressional committee that was tasked with exclusive jurisdiction over "all bills, resolutions, and other matters" related to civilian and military aspects of nuclear power from 1946 through 1977. It was established by the United States Atomic Energy Act of 1946, and was the overseer of the United States Atomic Energy Commission. For its broad powers, it is described as one of the most powerful congressional committees in U.S. history. It was the only permanent joint committee in modern times to have legislative authority.

The panel coupled these legislative powers with exclusive access to the information upon which its highly secretive deliberations were based. The joint committee was also entitled by statute to be kept "fully and currently informed" of all commission activities and vigorously exercised that statutory right, demanding information and attention from the executive branch in a fashion that arguably has no equivalent today.

One major power wielded by the JCAE was the "Legislative Veto." This unique power enabled the JCAE to influence policy decisions while matters were pending. This enabled the JCAE to act as a co-decision maker with the executive branch rather than only providing congressional oversight of actions that had already occurred. The legislative veto power was later found to be unconstitutional by the United States Supreme Court in 1983.

During the 1970s, the committee's role in shaping nuclear policy began to diminish after the Nuclear Regulatory Commission was created to replace the Atomic EnergyCommission. Congress soon transferred the bulk of the joint committee's jurisdiction over civilian nuclear power to other standing congressional committees in the House and Senate. The joint committee was finally abolished on August 5, 1977.

I'm hoping you find that information important background as you think through the right structures our nation should put into place to help us deal with the modern world of interconnected Information Technology.

So lets continue with the analogy for a moment.

Like in the early days of the nuclear age, today we face both a challenge and an opportunity.

The challenge is one most today call the cyber threat, which is huge, and growing, and hard for humans to realize and mentally deal with (see this on Cyber Threat Amnesia). The opportunity is one many today call the IT revolution, but others call web2.0, gov2.0, or just the optimized benefits of the information age.

In both response to the threat and the ability to reap the benefits of IT we are lacking as a nation. Regarding the threat: Criminals violate the personal privacy of our citizens through cyber snooping and attacks, organizations steal corporate intellectual property (which hurts in our ability to create jobs and value), terrorists gain advantage through use of IT, and nation states conduct espionage stealing our secrets. Cyber crime costs billions of dollars, perhaps trillions. And every logical strategy, technology and technique tried by the executive branch and smart industry leaders has fallen short. Something else must be done to address the cyber threat.

Our IT infrastructures and capabilities are known to produce benefits for our economy, but clearly we are sub optimized in our current approach. Our schools still teach the old way with almost no benefits from new technology. Most students have no more than a working knowledge of computers. And we turn out too few who can master IT. Economically, we have great unrealized potential in using IT to enable job growth and economic benefits while reducing cost of healthcare, cost of living and cost of education. Smart IT can also reduce cost of business and reduce the cost of goods to consumers. In the federal government, IT helps serve citizens but CIOs and CTOs struggle agency by agency to deliver value. Trends in "Big Data" approaches to making sense over data hold great promise, but there are not coherent government-wide policies that can optimize these sensemaking activities. And multiple committees in both houses of congress try to exercise oversight over agencies and programs, but the federal enterprises have a mixed record of being able to deliver on the promise of IT.

But if we keep doing things the same old way, we are going to get the same old results, don't you think?

Maybe what we need is a better framework of laws, a smarter ability to learn from and interact with our nation's IT industry, and a smarter way to learn from and respond to our citizens. And maybe what we need is a smarter way to interact with nation's globally. And maybe what we need is a better way to enable protection for our citizens, enhance training for our students, and enable all elements of our economy to achieve more through more powerful IT.

So, one option, by analogy:

United States Congress Permanent Joint Committee on Information Technology.

The basic concept is that Congress must do something dramatically different if it is to expect different results. So must the executive branch.

Is a permanent joint committee on IT the right answer? At this point it is hard to imagine that it could hurt.